Hands On Keyboard
A Hands-On-Keyboard attack is one in which a threat actor manually performs activity on compromised hosts rather than relying on scripted commands. While this kind of constantly evolving activity is inherently difficult to detect with signatures, the confluence of this behavior over finite time windows does lend itself to high-confidence probabilistic detection using machine learning.
This detector scores process events over a set timeframe using machine learning models, then uses those scores to identify potential Hands-On-Keyboard activity, which it publishes as alerts to the Secureworks® Taegis™ XDR Dashboard.
Hands On Keyboard Alert
Information found in high and critical alerts includes:
- Number of events in the detection timeframe that matched features on the machine learning model
- Common parent image path for the events in the detection timeframe
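The windowed aggregation described above, as an added illustration that is not Secureworks' detector code: per-event model scores are taken as given (constructed stand-ins for the ML model's output), events are grouped into fixed detection windows, and each window that reaches a severity threshold yields an alert carrying the two fields listed above. The timeframe length, score cutoff and severity thresholds are assumptions for this example, not the detector's configuration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed parameters for the example (the page exposes none of the real values).
TIMEFRAME = timedelta(minutes=10)          # detection timeframe per window
MATCH_SCORE = 0.7                          # per-event score counted as a feature match
SEVERITY_BY_MATCHES = [(8, "critical"), (4, "high")]   # minimum matched events
EPOCH = datetime(1970, 1, 1)

def bucket_start(ts, timeframe=TIMEFRAME):
    """Floor a timestamp to the start of its fixed detection window."""
    return EPOCH + ((ts - EPOCH) // timeframe) * timeframe

def score_events(events):
    """Group scored process events into windows and emit one alert per window
    whose count of feature-matching events reaches a severity threshold."""
    windows = defaultdict(list)
    for e in events:
        windows[bucket_start(e["ts"])].append(e)
    alerts = []
    for start in sorted(windows):
        matched = [e for e in windows[start] if e["score"] >= MATCH_SCORE]
        severity = next((s for n, s in SEVERITY_BY_MATCHES if len(matched) >= n), None)
        if severity is None:
            continue   # isolated high-scoring events alone do not alert
        parent, _ = Counter(e["parent_image"] for e in matched).most_common(1)[0]
        alerts.append({"window_start": start, "window_end": start + TIMEFRAME,
                       "severity": severity, "matched_events": len(matched),
                       "common_parent_image": parent})
    return alerts

# Constructed sample telemetry: a burst of interactive-looking child processes
# under cmd.exe, background updater noise, a sub-threshold pair, and a larger burst.
def _event(hh, mm, parent, score):
    return {"ts": datetime(2024, 1, 15, hh, mm), "parent_image": parent, "score": score}

CMD = r"C:\Windows\System32\cmd.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
UPD = r"C:\Program Files\Example\updater.exe"
EVENTS = (
    [_event(10, m, CMD, 0.9) for m in (1, 2, 3, 5, 6, 8)]   # 6 matches -> high
    + [_event(10, m, UPD, 0.1) for m in (4, 7)]             # noise, not counted
    + [_event(10, m, CMD, 0.85) for m in (12, 15)]          # 2 matches -> no alert
    + [_event(11, m, PS, 0.95) for m in range(9)]           # 9 matches -> critical
)

if __name__ == "__main__":
    for alert in score_events(EVENTS):
        print(alert)
```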
Schema
Process
Outputs
Hands-On-Keyboard alerts pushed to the XDR Dashboard
Configuration Options
None